Cybersecurity for Your Collision Repair Business - BodyShop Business

Cybersecurity for Your Collision Repair Business

Strengthening your business' Web security through strong passwords will ensure that your information stays safe.

Password: fluffy1234. One of our clients asked us to use this for setting up his email, telling us it was the name of his wife’s cat. “Admin” was another client’s request for a username, and he wanted his password to be 1234. Nope! No way, no how! We vigorously refuse to put unsecure passwords in place. “But they’re hard to remember, I have so many of them,” said one business owner. “I just keep them all the same, it makes it easier to keep it all straight,” said another. And that makes it easier for thieves to make life a living nightmare. And if they aren’t thieves, they are, at the very least, vandals.

Real Threats
Consider this a warning shot across your business bow. There are plenty of people out there gunning for weaknesses in website passwords, email passwords and databases with information of value – names, addresses, phone numbers, email and credit card information. How secure are you and your business?

Threats to your cybersecurity are all too real. If you haven’t been impacted by identity theft, hacked emails and websites or data breaches, consider yourself lucky. To protect yourself – and your business – from cybersecurity threats, you need a plan. Here are nine things you need to address:

1. Policies and training: Set up rules and policies to protect your business. Have systems in place, then train employees and set up consequences for non-compliance.

2. Passwords: Strong passwords need to be set up. Here’s a free source for the creation of a highly encrypted password: Some policies to follow include:

  • Don’t use the same password across multiple accounts.
  • Passwords should be at least 15 to 20 characters long and include numbers, upper and lower case letters, and symbols.
  • Don’t use family names, initials, pets, birthdates, addresses, towns or full words in general, phone numbers or mathematical sequences as passwords.
  • Do not permit your browser or FTP client programs to save your passwords. Any password saved in this manner can easily be discovered with a single click using some programming script.
  • Do not access important, password-protected accounts from public computers or someone else’s computer.
  • Change your passwords regularly. Monthly is best, quarterly at the very least.
  • Keep passwords straight using phone apps or an online password management system. PC Magazine suggests the following: KeePass (free, download to your computer),; LastPass (free, cloud-based),; RoboForm Desktop 7 (for one PC), or RoboForm Everywhere 7 (multiple PCs) (from $29.95) Alternatively, save your passwords as plain text, then encrypt them with AES Crypt or AxCrypt.
  • When employees leave the company, change all passwords that person was familiar with.

3. Virus/malware protection: Your computers must have the latest virus and malware protection installed and operating. It must be updated regularly, then have a full scan run after each update.

4. Firewall: A firewall should be set up for your company’s Internet connection. Talk with an IT professional about what that entails.
Firewalls protect your private network data from being breached by outsiders.

5. Mobile device protocol: Mobile devices used by your team can pose significant threats. They may contain confidential information and are frequently used to access company networks. Password protect these devices, and have security apps installed. Encrypt all important data. Devices connecting to public networks at coffee shops, libraries, schools, etc., are particularly vulnerable to attack.

6. Back up data: Nothing is sacred. Back up your data regularly.  Email, documents, spreadsheets, databases, accounting files, HR files, etc., are irreplaceable and should be backed up regularly, preferably automatically. Services like Carbonite or Barracuda are great for this purpose. If you make your own backups, put them on two external drives and keep them in a safe deposit box. Alternate these drives with each backup.

7. Wi-Fi: Secure your company Wi-Fi account with a highly encrypted password, which will help block outsiders from getting into your company network. If you offer a public access point for customers to use, make it separate from your business network.

8. Credit card processing: Work closely with whatever service you use to process credit cards and make sure you’re using the most trusted, validated and anti-fraud system possible. Use an isolated computer for these transactions, not one used for going online.

9. Give limited access: Give access to employees only on a need-to-know basis, only for the processes they use. No person other than the owner should have access to all this information. We call this having the “keys to the castle.” Give these keys to a trusted attorney who’s in charge of the owner’s estate should something happen, with strict instructions that these be given out ASAP to a specific person in the event of the owner’s demise.

Not So Hard

Sure, it’s hard to do all this, but it’s much harder to fix a data breach, undo the damage done by hackers and apologize to customers for their personal information being stolen. Set a goal to get this done before the end of the year.

BSB Contributing Editor Mark Claypool has more than 30 years of experience in the fields of workforce development, apprenticeships, marketing and Web presence management with SkillsUSA, the
I-CAR Education Foundation, Mentors at Work, VeriFacts Automotive and the NABC. He is the CEO of Optima Automotive (, which provides website design, SEO services and social media management services.

You May Also Like

Are You Ready to ROCK in 2023?

Do you know a “rockstar” in the automotive aftermarket? Then it’s time to nominate them as a Vehicle Care RockStar!

Unless you have been on a remote desert island the past few weeks, you’ve likely seen some intriguing teasers for the latest brand launched under the Babcox Media umbrella — Vehicle Care RockStars. If you have seen it, I’m sure you’ve got some questions.

It can be tough to articulate exactly what defines a RockStar. Is it Mick Jagger’s swagger? Eddie Vedder joyously stagediving into a crowd? Eminem’s clever lyrical prowess or Beyonce’s ability to inspire viral TikTok dances? Elvis’ upturned lip? Is it Slash’s iconic top hat and leather jacket? Dave Grohl’s infectious anthems?

Boosting the Value of Your Business

If you have more than five years before you plan to exit your business, there are many things you can do to increase its value and decrease your asset gap.

Running a Family Collision Business: Stay in Your Lane

In a family business, it’s important to divide the duties and respect each other’s lanes.

Planning a Buyout of Your Auto Body Shop

You’re looking to retire and your partner wants to buy you out.
What is the first step in this planning process?

Consolidation Update: The Big Merger

The Service King-Crash Champions merger is a great indicator that financial interest in the collision industry remains strong.

Other Posts

BodyShop Business 2022 Executives of the Year

This year’s Single-Shop award winner is Michael Bradshaw of K & M Collision in Hickory, N.C., and the Multi-Shop winner is Matt Ebert of Crash Champions.

Conducting Collision Business: It’s a New Day

The goal is not to declare war against insurers; it is to declare independence for your organization so that you’re able to provide the highest level of service to your true customers.

Don’t Be Quint: Embrace ADAS and Modern Vehicle Equipment

We can avoid a fate similar to Quint’s in the movie Jaws if we embrace ADAS, technology and training.

Welder Woman: Forging a Trail with Fire

Jaime Shewbridge is the first woman to have won the 2020 I-CAR Instructor of the Year award and the 2021 Welding Instructor of the Year award — and she’s not done yet.